CPView Utility is a text based built-in utility that can be run ('cpview' command) on Security Gateway / Security Management Server / Multi-Domain Security Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different Software Blades (only on Security Gateway). The data is continuously updated in easy to access views.
On Security Gateway, this statistical data can be used to monitor machine's performance.
(2) Supported Deployments
CPView Utility is built-in and supported only on:
Versions
R77 GA and higher
R76SP.50
Operating Systems
Gaia OS / SecurePlatform OS
Products
Security Gateway:
R76SP.50, R77, and higher - full monitoring of system resources, software blades, etc.
R77.10 and higher - history mode was added
R76SP.50 - history mode is not supported
Security Management Server:
R77 and higher - only monitoring of CPU, Memory and Disk Space
R77 and higher - history mode is not supported
Multi-Domain Security Management Server:
R77.30 - CPView is not supported
R77, R77.10, and R77.20 - only monitoring of CPU, Memory and Disk Space
R77, R77.10, and R77.20 - History mode is not supported
When cpview is executed several times in parallel (for example when 2 or more admins are running it in parallel), data inconsistency may occur. Example: data gets zeroed once every few seconds.
Security Gateway
History Mode is not supported in R77 GA (feature was added only in R77.10).
History Mode is not supported in R76SP.50 (GA Take 84).
VSX Gateway
For pre-R80.40: History Mode is not fully supported - only the information from the context of VSX machine itself (VS0) is recorded.
"SysInfo" view always shows "Platform Gaia 32Bit", even when running 64-bit kernel (issue was resolved in R77.30).
Security Management Server (does not apply to StandAlone)
"Top Protocols" show TCP:1024 as a high use protocol/service
This is by design. TCP:1024 represents all TCP high ports - TCP ports above 1024.
Gaia Embedded OS
600 / 700 / 1100 / 1200R / 1400 / Series-80 appliances are not supported.
X-Series XOS
X-Series appliances are not supported.
CPView History file that was collected on another machine
The time presented in the CPview history is according to the time/timezone of the target machine, on which you open the CPview history file. If you need to see the exact timestamps of the source machine, then before loading the source CPView history data, change the timezone on your target machine to match the timezone of the source machine.
(7) Notes
The History database is saved in:
Version
Location
R81.10 and higher
$CPDIR/cpview_services/cpview_services.dat
R80.40 - R81
$CPDIR/log/cpview_services/cpview_services.dat
R77.30 - R80.30
/var/log/CPView_history/CPViewDB.dat
The History Mode saves the data for 30 days, unless the available space in /var/log/ is less than 512 MB
Throughput displayed in Gaia Portal is much higher (approximately twice as much) than the throughput displayed in CPView Utility.
The throughput data is obtained directly from the hardware. The total throughput is a sum of all throughput counters in each path (Fast Path, Medium Path, and Slow Path).
Gaia Portal - Overview pane - widget Throughput
The throughput data is a sum of both Incoming and Outgoing traffic (sum of the RX packets and TX packets from /proc/net/dev). Packets are counted form all interfaces. If a packet passes through Slow Path (F2F), it will be counted twice.
Example:
(8) What's new in R81.10
Added the option to disable CPView and enable it again from the command line:
To disable CPView, run in the Expert mode:
kill -SIGUSR1 $(pidof cpviewd)
To enable the CPView again, run in the Expert mode:
cpviewd enable
(9) What's new in R80.30
The syntax to work with the history database was changed from "cpview -t <timestamp>" to "cpview -t":
Run: cpview -t
In CPView history, press the t key.
Enter the applicable date and time and press Enter.
(10) What's new in R80.10
New view in CPView R80.10 is available - Mail Statistics related to Threat Emulation MTA:
Number of e-mails in MTA queue (Software-blades -> Threat-Emulation -> MTA -> Queues)
New views in CPView R77.30 are available, enabling more accurate and detailed analysis for Security Gateway:
Top protocols by throughput (Network -> Top-Protocols)
Top connections by throughput (Network -> Top-Connections)
Top protocols by CPU (I/S -> CPU -> Top-Protocols)
Top connections by CPU (I/S -> CPU -> Top-Connections) Note: The mode of the Firewall Priority Queues on Security Gateway should be set to "1" (CPU Connections Statistics) - refer to sk105762 - section "(IV-B) Monitoring - Evaluation of Heavy Connections"
Software-blades package updates information (Software-blades -> Overview) - displays information on last update time and package number for IPS, Anti-Virus, Anti-Bot, and Application Control blades.
CPView daemon "cpviewd" was moved from $FWDIR/bin/ to $CPDIR/bin/
(12) Troubleshooting
#
Symptoms
Root Cause
Next Steps
1
Output of the "cpview -t" command only shows "CPView: History is initializing".
Example:
[Expert@MyGW:0]# cpview -t
CPView: History is initializing
[Expert@MyGW:0]#
Very old history database.
CPView service searches for the most recent timestamp in the history database when it starts. A very old history database might cause this query to fail. As a result, CPView service might fail to start.
If a listed troubleshooting step does not help, proceed to the next one.
Make sure the /var/log partition is not full:
[Expert@MyGW:0]# df -h
If it is full, then delete (transfer to an external storage) all unnecessary files.
